pdfreaders.org

Compliance Validation of Secure Service Compositions

by Achim D. Brucker, Luca Compagna, and Pierre Guilleminot

Cover for brucker.ea:aniketos-compliance:2014.The Aniketos Secure Composition Framework supports the specification of secure and trustworthy composition plans in term of BPMN@. The diversity of security and trust properties that is supported by the Aniketos framework allows, on the one hand, for expressing a large number of security and compliance requirements. On the other hand, the resulting expressiveness results in the risk that high-level compliance requirements (eg, separation of duty) are not implemented by low-level security means (eg, role-based access control configurations).

In this chapter, we present the Composition Security Validation Module (CSVM). The CSVM provides a service for checking the compliance of secure and trustworthy composition plans to the service designer. As proof-of-concept we created a prototype in which the CSVM module is deployed on the SAP NetWeaver Cloud and two CSVM Connectors are built supporting two well-known BPMN tools: SAP NetWeaver BPM and Activiti Designer.

Keywords: Validation, Security, BPMN, SecureBPMN, Compliance
Categories: ,
Documents: (full text as PDF file)

QR Code for brucker.ea:aniketos-compliance:2014.Please cite this article as follows:
Achim D. Brucker, Luca Compagna, and Pierre Guilleminot. Compliance Validation of Secure Service Compositions. In Secure and Trustworthy Service Composition: The Aniketos Approach. Lecture Notes in Computer Science: State of the Art Surveys (8900), pages 136-149, Springer-Verlag, 2014.
Keywords: Validation, Security, BPMN, SecureBPMN, Compliance
(full text as PDF file) (BibTeX) (Endnote) (RIS) (Word) (doi:10.1007/978-3-319-13518-2_10) (Share article on LinkedIn. Share article on CiteULike. )

BibTeX
@InCollection{ brucker.ea:aniketos-compliance:2014,
abstract = {The Aniketos Secure Composition Framework supports the specification of secure and trustworthy composition plans in term of BPMN\@. The diversity of security and trust properties that is supported by the Aniketos framework allows, on the one hand, for expressing a large number of security and compliance requirements. On the other hand, the resulting expressiveness results in the risk that high-level compliance requirements (\eg, separation of duty) are not implemented by low-level security means (\eg, role-based access control configurations).\\\\In this chapter, we present the Composition Security Validation Module (CSVM). The CSVM provides a service for checking the compliance of secure and trustworthy composition plans to the service designer. As proof-of-concept we created a prototype in which the CSVM module is deployed on the SAP NetWeaver Cloud and two CSVM Connectors are built supporting two well-known BPMN tools: SAP NetWeaver BPM and Activiti Designer.},
address = {Heidelberg},
author = {Achim D. Brucker and Luca Compagna and Pierre Guilleminot},
booktitle = {Secure and Trustworthy Service Composition: The Aniketos Approach},
doi = {10.1007/978-3-319-13518-2_10},
editor = {Achim D. Brucker and Fabiano Dalpiaz and Paolo Giorgini and Per H{\aa}kon Meland and Erkuden {Rios}},
isbn = {978-3-319-13517-5},
keywords = {Validation, Security, BPMN, SecureBPMN, Compliance},
number = {8900},
pages = {136--149},
pdf = {https://www.brucker.ch/bibliography/download/2014/brucker.ea-aniketos-compliance-2014.pdf},
publisher = {Springer-Verlag},
series = {Lecture Notes in Computer Science: State of the Art Surveys},
title = {Compliance Validation of Secure Service Compositions},
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-aniketos-compliance-2014},
year = {2014},
}